Mobile health apps fail to protect users’ data, researchers find

The majority of mobile health apps put users’ sensitive data at risk, according to a European study.

Researchers in Greece and Spain evaluated 20 popular, free mobile health apps which manage, store and monitor users’ biomedical data. The apps, available on Google Play, each had between 100,000 and 10 million downloads and a minimum rating of 3.5/5.

Of the apps analysed, 80% transmitted health-related data to third-party companies, with only half doing so over secure connections. This data included text as well as images, such as X-rays.

One in five of the apps did not refer users to a privacy policy, or the policy content was not available in English, the language of the app. Some apps required access to users’ camera and microphone, contacts list, external storage, Bluetooth and location, despite their functionality not being dependent on this access.

“Our findings reveal that the majority of the analysed applications do not follow well-known practices and guidelines, not even legal restrictions imposed by contemporary data protection regulations, thus jeopardising the privacy of millions of users,” the researchers concluded.

“We strongly support the use of mobile health apps, but users must know that apps’ popularity does not ensure privacy and security,” commented Dr Agusti Solanas of Rovira i Virgili University in Spain.

After informing app developers about their findings, the researchers noticed that some issues had been fixed, including insecure health data transfers. However, other issues, such as app usage data leaks, had not been addressed at all.

“People need to become more aware of the risks they are facing,” said Dr Constantinos Patsakis of the University of Piraeus, Greece.